Connecting to Amazon S3 - data_integration_1 - discovery - spectrum_platform - 23.1

Spectrum Discovery Guide

Product type
Software
Portfolio
Verify
Product family
Spectrum
Product
Spectrum > Discovery
Version
23.1
Language
English
Product name
Spectrum Discovery
Title
Spectrum Discovery Guide
Topic type
How Do I
Reference
Overview
First publish date
2007
ft:lastEdition
2024-02-07
ft:lastPublication
2024-02-07T17:21:58.768552
Important: The Amazon S3 connection supports data bucket present in the region us-east-1 only.
  1. Access the Connections page using one of these:
    Spectrum Management Console:
    Access Spectrum Management Console using the URL: http://server:port/management console, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform.
    Note: By default, the HTTP port is 8080.
    Click Resources > Connections.
    Spectrum Discovery:
    Access Spectrum Discovery using the URL: http://server:port/discovery, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform.
    Note: By default, the HTTP port is 8080.
    Click Connect.
  2. Click the Add connection button .
  3. In the Connection Name box, enter a name for the connection. The name can be anything you choose.
    Note: Once you save a connection you cannot change the name.
  4. In the Connection Type field, choose Cloud.
  5. In the Cloud service field, choose AmazonS3.
  6. In the Bucket name field, enter the bucket name as defined in your Amazon S3 cloud service. This is the bucket where Spectrum Technology Platform will read and write files.
  7. Enter your access key and secret key assigned to you by Amazon.
  8. In the Storage Type, field select the level of redundancy that you want to allow for data storage.
    Standard
    The default level of redundancy provided by Amazon S3.
    Reduced redundancy
    Stores non-critical and easily-reproducible data at lower levels of redundancy. This provides fairly reliable storage at a lower cost.
  9. In the Encryption section, select the encryption method for the data. You can select server side encryption, client side encryption, or both.
    Server side key
    The data is encrypted and decrypted at the server side. Your data is transmitted in plain text to the Amazon cloud service where it is encrypted and stored. On retrieval, the data is decrypted by the Amazon cloud service then transmitted in plain text to your system.
    You have two options for specifying the key:
    • AWS managed: The key is automatically generated by the Amazon S3 cloud service.
    • Customer provided: Enter the key to be used by the Amazon S3 cloud service to encrypt and decrypt the data on the server side. Server-side customer-managed encryption needs to be enabled on the bucket. To do this, a key needs to be set up in the AWS KMS. Use the AWS S3 console and give the Key ID (available in the KMS) as the input while setting up the S3 connector in the Spectrum management console.
    Client side key
    The data is encrypted and decrypted at the client side. The data is encrypted locally on your client system then transmitted to the Amazon S3 cloud storage. On retrieval, the data is transmitted back in an encrypted format to your system and is decrypted on the client system.

    Client side key: Enter the key to be used by your client system to encrypt and decrypt the data. Any random text can act as the encryption key to be provided while setting up the S3 connector in the Spectrum management console.

    If you select both Server side key and Client side key, encryption and decryption is performed at both server and client sides. Data is first encrypted with your client side key and transmitted in an encrypted format to Amazon, where it is again encrypted with the server side key and stored. On retrieval, Amazon first decrypts the data with the server side key, transmitting the data in an encrypted format to your system, where it is finally decrypted with the client side key.

    For more information about Amazon S3 encryption features, see:

    docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

    Note:

    A file that has been encrypted with a given key while being created in the bucket can be read using the same key, and decryption takes place while fetching the file from the bucket. If the key differs, the decryption process will throw exceptions.

  10. If you want to set access permissions, in the Permissions section, click .

    The three kinds of Grantees are:

    Everyone
    Every one else other than Authenticated Users and Log Delivery group.
    AuthenticatedUsers
    For users who are logged into Amazon.
    LogDelivery
    For users who write activity logs in a user-specified Bucket, if Bucket Logging is enabled.

    For each Grantee, select the desired permissions:

    Open/Download
    Allow the user to download the file.
    View
    Allow the user to view the current permissions on the file.
    Edit
    Allow the user to modify and set the permissions on the file.
  11. To test the connection, click Test.
  12. Click Save.